Do signed java applets have access to USB peripherals when run in the browser sandbox?

Question

I\'ve implemented a Java package with functionality to operate a POS printer and cash drawer connected to the workstation via USB. I\'ve also implemented an applet to utili

Answer 1

I am not sure of the answer to your question, but have an experiment that should shed further light on the matter.

In the opening lines of the Applet.init() call System.setSecurityManager(null). Then try to connect to the USB.

• If the applet is trusted, the call to setSecurityManager(null) will succeed, and remove the last remnants of the SecurityManager. (Yes, even trusted applets have a security manager, it is just much less restrictive that the security manager for sand-boxed apps.)
• If the USB is now discovered, it indicates a change in the trusted security manager. There have been a number of such changes in recent times.

Note that I am not suggesting putting code like this into production. If your applet is running in the same JRE as other applets, nullifying the SM could also elevate the privileges of the other applets.